Aggregator
CVE-2023-40154 | Intel SUR for Gameplay Software prior 2.0.1901 default permission (intel-sa-01004)
10 months 3 weeks ago
A vulnerability was found in Intel SUR for Gameplay Software and classified as critical. This issue affects some unknown processing. The manipulation leads to incorrect default permissions.
The identification of this vulnerability is CVE-2023-40154. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-10280 | Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 up to 20241022 /goform/GetIPTV websReadEvent Content-Length null pointer dereference
10 months 3 weeks ago
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference.
The identification of this vulnerability is CVE-2024-10280. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-10281 | Tenda RX9/RX9 Pro 22.03.02.10/22.03.02.20 SetStaticRouteCfg sub_42EEE0 list stack-based overflow
10 months 3 weeks ago
A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow.
This vulnerability is traded as CVE-2024-10281. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-10196 | code-projects Pharmacy Management System 1.0 /add_new_invoice.php text sql injection
10 months 3 weeks ago
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection.
The identification of this vulnerability is CVE-2024-10196. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-41902 | Siemens JT2Go up to 13.2.0.5 PDF File stack-based overflow (ssa-626178)
10 months 3 weeks ago
A vulnerability was found in Siemens JT2Go up to 13.2.0.5. It has been declared as critical. This vulnerability affects unknown code of the component PDF File Handler. The manipulation leads to stack-based buffer overflow.
This vulnerability was named CVE-2024-41902. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Huawei releases HarmonyOS NEXT, which is no longer compatible with Android
10 months 3 weeks ago
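Huawei has officially released HarmonyOS NEXT, which is no longer compatible with Android, meaning it can no longer run Android apps. Huawei executive Yu Chengdong said, "HarmonyOS has become the most vibrant digital foundation; to date there are 110 million+ lines of code, 15,000+ HarmonyOS native apps and meta-services have been listed, and HarmonyOS ecosystem devices exceed 1 billion..." Huawei said that Meituan, Douyin, Taobao, Xiaohongshu, DingTalk, Alipay, WPS, JD.com, Feishu and others have all developed native apps, that the overall performance of mobile devices running HarmonyOS NEXT improves by 30%, that battery life is extended by 56 minutes, and that an average of 1.5GB of memory is freed for uses other than running the operating system. Huawei currently has no plans to launch HarmonyOS NEXT outside China.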
CVE-2016-4104 | Adobe Acrobat Reader up to 11.0.15/15.006 memory corruption (APSB16-14 / Nessus ID 91096)
10 months 3 weeks ago
A vulnerability was found in Adobe Acrobat Reader up to 11.0.15/15.006. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption.
The identification of this vulnerability is CVE-2016-4104. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Former British PM Cameron Calls for Tech Engagement with China Despite Cyber Threats
10 months 3 weeks ago
Former UK PM David Cameron called for stronger defenses against Chinese cyber espionage while advocating collaboration with Beijing, coinciding with the BRICS Summit.
Network Infrastructure Security Track | Does defense rise a foot, or offense rise ten? (Prize draw at the end of the article)
10 months 3 weeks ago
@Network Infrastructure Security Track contestants
Avast Releases Free Decryptor For Mallox Ransomware
10 months 3 weeks ago
Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland
10 months 3 weeks ago
On the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities across a range of devices, earning a total of $486,250 in cash prizes. [...]
Bill Toulas
CVE-2024-10041 | Red Hat Enterprise Linux 7/8/9 PAM /etc/shadow information disclosure
10 months 3 weeks ago
A vulnerability classified as problematic was found in Red Hat Enterprise Linux 7/8/9. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component PAM. The manipulation leads to information disclosure.
This vulnerability is known as CVE-2024-10041. The attack needs to be approached locally. There is no exploit available.
vuldb.com
The US Needs a Better Energy Grid to Win the AI Arms Race
10 months 3 weeks ago
The longer we avoid reform, the further behind we'll fall in AI innovation — and the more vulnerable we'll be.
Stephen Kines
Jetpack fixes a critical information disclosure vulnerability that has existed since 2016
10 months 3 weeks ago
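Technical details about the vulnerability and how it can be exploited are currently being withheld so that users have time to apply the security update.
Hackers abuse F5 BIG-IP cookies to map internal servers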
10 months 3 weeks ago
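It is understood that F5 has also developed a diagnostic tool called "BIG-IP iHealth", designed to detect misconfigurations on the product and alert administrators.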
CVE-2024-50050 | Meta Llama Stack Pickle deserialization
10 months 3 weeks ago
A vulnerability classified as critical has been found in Meta Llama Stack. Affected is an unknown function of the component Pickle Handler. The manipulation leads to deserialization.
This vulnerability is traded as CVE-2024-50050. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-5187 | onnx up to 1.16.0 TAR File download_model_with_test_data path traversal
10 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in onnx up to 1.16.0. Affected by this issue is the function download_model_with_test_data of the component TAR File Handler. The manipulation leads to path traversal.
This vulnerability is handled as CVE-2024-5187. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-43924 | Responsive Lightbox Plugin up to 2.4.7 on WordPress authorization
10 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Responsive Lightbox Plugin up to 2.4.7 on WordPress. This issue affects some unknown processing. The manipulation leads to missing authorization.
The identification of this vulnerability is CVE-2024-43924. Access to the local network is required for this attack. There is no exploit available.
vuldb.com
CVE-2024-31880 | IBM DB2/DB2 Connect Server 10.5/11.1/11.5 SQL Statement allocation of resources
10 months 3 weeks ago
A vulnerability was found in IBM DB2 and DB2 Connect Server 10.5/11.1/11.5. It has been classified as problematic. Affected is an unknown function of the component SQL Statement Handler. The manipulation leads to allocation of resources.
This vulnerability is traded as CVE-2024-31880. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com